Daily NCSC-FI news followup 2019-09-23

Dear network operators, please use the existing tools to fix security

www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/ Internet routing may well be a screaming car wreck, but a deployathon by the Asia Pacific Network Information Centre (APNIC) has shown how short, focused efforts can make a difference. Routers use the Border Gateway Protocol (BGP) to tell each other the current best ways to route internet traffic, but the system relies on everyone telling the truth. As APNIC’s chief scientist Geoff Huston says, internet routing is therefore a “system that relies on the propagation of rumours”.
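The “rumours” are BGP origin announcements, and the existing tool that lets a router check them instead of simply believing them is RPKI route origin validation (an assumption here, since the summary above does not name the tool). The following is an added example, not code from the ZDNet article or from APNIC: it implements the Valid / Invalid / NotFound outcome of RFC 6811 over a constructed set of Route Origin Authorizations (ROAs) and applies the usual operator policy of dropping only Invalid routes. The prefixes and AS numbers are documentation values, not real routing data, and the example goes beyond the summary in handling IPv4 and IPv6 alike.

```python
"""Route Origin Validation (RFC 6811) against a constructed ROA set.

Added example, not from the ZDNet article. The ROAs and announcements
below are constructed sample data using documentation prefixes
(RFC 5737 / RFC 3849) and documentation ASNs (RFC 5398), not real RPKI data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    prefix: Network
    max_length: int  # longest announced prefix length the holder authorizes
    asn: int         # origin AS the holder authorizes


def make_roa(prefix: str, max_length: int, asn: int) -> ROA:
    """Build a ROA, rejecting maxLength values outside [prefixlen, address width]."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} is invalid for {net}")
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN {asn} out of range")
    return ROA(net, max_length, asn)


def validate_origin(announced: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' per RFC 6811 section 2.

    NotFound: no ROA covers the announced prefix, so the announcement is
              merely unverifiable (the holder never published a ROA).
    Valid:    at least one covering ROA names this origin AS and permits
              this prefix length.
    Invalid:  ROAs cover the prefix but none matches, i.e. wrong origin AS
              or an announcement more specific than maxLength allows.
    """
    net = ipaddress.ip_network(announced, strict=True)
    # A ROA covers the announcement only if the announced prefix lies inside
    # the ROA prefix; a *less* specific announcement is not covered.
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"


def apply_policy(announcements: Iterable[Tuple[str, int]],
                 roas: Iterable[ROA]) -> Tuple[List[tuple], List[tuple]]:
    """Common operator policy: drop Invalid, accept Valid and NotFound.

    Returns (accepted, rejected) lists of (prefix, origin_asn, state).
    """
    accepted, rejected = [], []
    roas = list(roas)
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        (rejected if state == "Invalid" else accepted).append((prefix, asn, state))
    return accepted, rejected


# Constructed sample ROAs (assumption: not real RPKI data).
SAMPLE_ROAS = [
    make_roa("192.0.2.0/24", 24, 64496),
    make_roa("198.51.100.0/22", 24, 64497),
    make_roa("2001:db8::/32", 48, 64496),
]

# Constructed sample announcements as a validating router would see them.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),        # exactly what the holder authorized
    ("192.0.2.0/24", 64500),        # same prefix, wrong origin: a hijack
    ("198.51.100.0/24", 64497),     # more specific, but within maxLength
    ("198.51.100.0/25", 64497),     # too specific: sub-prefix hijack shape
    ("192.0.2.0/23", 64496),        # less specific than the ROA: not covered
    ("203.0.113.0/24", 64496),      # no ROA at all
    ("2001:db8:1::/48", 64496),     # IPv6 is handled the same way
]

if __name__ == "__main__":
    accepted, rejected = apply_policy(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS)
    for row in accepted:
        print("accept", *row)
    for row in rejected:
        print("drop  ", *row)
```

Note the two ways the check can fail to help: a less-specific announcement (the /23 above) is NotFound rather than Invalid, and NotFound routes are normally still accepted, which is why coverage only improves as more holders publish ROAs and more operators actually drop Invalid routes.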

Massive wave of account hijacks hits YouTube creators

www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/ Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. But the YouTube car community wasn’t the only one targeted. Other YouTube creators also reported having their accounts hijacked last week, and especially over the weekend, with tens of complaints flooding Twitter and the YouTube support forum.

xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/ Between May and June 2019, Unit 42 observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait. The first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools, including one dating back to July 2018. Through comparative analysis, we identified related activity also targeting Kuwait between July and December 2018, which was recently reported by IBM X-Force IRIS. While there are no direct infrastructure overlaps between the two campaigns, historical analysis shows that the 2018 and 2019 activities are likely related.

New North Korean malware targeting ATMs spotted in India

www.zdnet.com/article/new-north-korean-malware-targeting-atms-spotted-in-india/ Another version of the same malware, but with RAT-like features, was spotted targeting Indian research centers. North Korean hackers have developed and have been observed using a new malware strain that can be planted on ATM systems and used to record and steal data from payment cards inserted into a machine.

Hello! My name is Dtrack

securelist.com/my-name-is-dtrack/93338/ Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victims’ ATMs, where it could read and store the data of cards that were inserted into the machines. Naturally, we wanted to know more about that ATM malware, so we used YARA and Kaspersky Attribution Engine to uncover more interesting material: over 180 new malware samples of a spy tool that we now call Dtrack.

Microsoft Issues Windows Security Update for 0Day Vulnerability

www.bleepingcomputer.com/news/security/microsoft-issues-windows-security-update-for-0day-vulnerability/ Microsoft released two out-of-band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively. The first one is a zero-day RCE vulnerability tracked as CVE-2019-1367 and disclosed by Clément Lecigne of Google’s Threat Analysis Group. The CVE-2019-1367 scripting engine memory corruption vulnerability is known to have been exploited in the wild and it “exists in the way that the scripting engine handles objects in memory in Internet Explorer.” The second security patch was issued to fix a Microsoft Defender denial of service vulnerability tracked as CVE-2019-1255 and disclosed by Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab.

Microsoft to Force Modern Auth in Exchange Online to Enhance Security

www.bleepingcomputer.com/news/security/microsoft-to-force-modern-auth-in-exchange-online-to-enhance-security/ Microsoft announced that Basic Authentication will be turned off in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, and Remote PowerShell starting October 13, 2020. This comes after a previous announcement made last year about plans to stop supporting and fully decommission Basic Authentication in the Exchange Web Services (EWS) API for Office 365. Basic Authentication (also known as proxy authentication) is the process through which apps send username/password pairs with every request made when connecting to a server, an endpoint, or an online service, with the credentials often being stored locally on the device. Microsoft plans to disable Basic Authentication for these four protocols at the same time and allow only Modern Authentication in Exchange Online, in order to mitigate its security issues.
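The practical question for an administrator reading this is which accounts and clients still depend on Basic Authentication for the four protocols named above. The following is an added example, not code from the BleepingComputer article or from Microsoft: it triages sign-in records shaped like Microsoft Graph signIn objects (userPrincipalName, clientAppUsed, appDisplayName, createdDateTime and status.errorCode are real properties of that resource; the specific clientAppUsed labels used below are an assumption about what a tenant exports) and lists the users whose working clients will break at the cutoff, keeping other legacy-auth usage such as SMTP AUTH in a separate bucket since the article does not name it. The records themselves are constructed sample data, not an export from any tenant.

```python
"""Find accounts still signing in with Basic Authentication before the cutoff.

Added example, not from the BleepingComputer article or from Microsoft.
Input lines are JSON objects in the shape of Microsoft Graph `signIn`
records; the sample below is constructed, not a real export.
"""
import json
from collections import Counter, defaultdict
from typing import Dict, Iterable, Set

# Protocols whose Basic Authentication is switched off on 13 October 2020
# according to the article, keyed by the clientAppUsed label (assumption:
# these labels match what your tenant's sign-in export reports).
CUTOFF_PROTOCOLS = {
    "Exchange ActiveSync": "EAS",
    "POP3": "POP",
    "IMAP4": "IMAP",
    "Exchange Online PowerShell": "Remote PowerShell",
}

# Client categories that use Modern Authentication (OAuth tokens rather than
# a password on every request). Anything else is treated as legacy auth.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}


def classify(record: dict) -> str:
    """Return 'cutoff', 'modern' or 'other-legacy' for one sign-in record."""
    app = record.get("clientAppUsed", "")
    if app in CUTOFF_PROTOCOLS:
        return "cutoff"
    if app in MODERN_CLIENT_APPS:
        return "modern"
    return "other-legacy"


def legacy_auth_report(lines: Iterable[str]) -> Dict[str, Counter]:
    """Map each user to a count of the legacy clientAppUsed values they used.

    Only successful sign-ins count: a failed Basic auth attempt (wrong
    password, password spray) does not prove the user has a working
    legacy client that the cutoff will break.
    """
    report: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        if classify(rec) == "modern":
            continue
        report[rec["userPrincipalName"]][rec.get("clientAppUsed", "unknown")] += 1
    return dict(report)


def users_hit_by_cutoff(report: Dict[str, Counter]) -> Set[str]:
    """Users with at least one successful sign-in over a protocol being cut off."""
    return {user for user, apps in report.items()
            if any(app in CUTOFF_PROTOCOLS for app in apps)}


# Constructed sample sign-in records (assumption: shape of Graph signIn objects).
SAMPLE_SIGNINS = """
{"createdDateTime": "2019-09-20T07:12:03Z", "userPrincipalName": "alice@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}}
{"createdDateTime": "2019-09-20T07:15:44Z", "userPrincipalName": "alice@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Browser", "status": {"errorCode": 0}}
{"createdDateTime": "2019-09-20T08:01:10Z", "userPrincipalName": "bob@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}}
{"createdDateTime": "2019-09-20T08:02:51Z", "userPrincipalName": "bob@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 50126}}
{"createdDateTime": "2019-09-21T10:30:00Z", "userPrincipalName": "scanner@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}}
{"createdDateTime": "2019-09-21T11:45:12Z", "userPrincipalName": "carol@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}}
"""

if __name__ == "__main__":
    report = legacy_auth_report(SAMPLE_SIGNINS.splitlines())
    for user in sorted(users_hit_by_cutoff(report)):
        print(user, dict(report[user]))
```

Run against a real export, the output is the list of mailboxes whose owners need a Modern Authentication capable client before the date; users appearing only under other legacy labels are not affected by this particular announcement but are still sending a reusable password with every request and are worth the same follow-up.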

More Hidden App Malware Found on Google Play with over 2.1 Million Downloads

www.symantec.com/blogs/threat-intelligence/hidden-adware-google-play Malicious apps hide themselves after installation and aggressively display full-screen advertisements. In recent times we’ve seen multiple malicious apps found in the Google Play Store by various cyber security firms, including Symantec, yet this problem doesn’t seem to be dissipating. We have uncovered another wave of malicious apps in the Play Store which have been downloaded more than 2.1 million times. We reported these apps to Google on September 2, 2019, and they were removed from the store. A total of 25 Android Package Kits (APKs), mostly masquerading as a photo utility app and a fashion app, were published under 22 different developer accounts, with the initial sample uploaded in April 2019. These 25 malicious hidden apps share a similar code structure and app content, leading us to believe that the developers may be part of the same organizational group or, at the very least, are using the same source code base.

Bulletin (SB19-266) – Vulnerability Summary for the Week of September 16, 2019

